CVE-2026-22859
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk51th percentile - higher than 51% of all known CVEs
Summary
In FreeRDP prior to version 3.20.1, the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values, using them as indices in libusb_udev_complete_msconfig_setup, which causes an out-of-bounds read.
Risk Assessment
A malicious RDP server could exploit this vulnerability to read memory from the client, potentially leaking sensitive information or causing client instability.
Recommendation
Upgrade FreeRDP to version 3.20.1 or later immediately, which includes a fix for this vulnerability.
Original NVD description (English source)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.

